asyncrat | hxxps://combocracks[.]blogspot[.]com/2023/10/mailacess-checker-by-xrisky[.]html | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

https://combocracks....

windows10-1703-x64

Sharing

General

Target

https://combocracks.blogspot.com/2023/10/mailacess-checker-by-xrisky.html
Sample

241008-qeecsssbpf

Score

10^/10

asyncrat njrat hacked discovery evasion persistence privilege_escalation rat spyware stealer themida trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://combocracks.blogspot.com/2023/10/mailacess-checker-by-xrisky.html

Resource

win10-20240404-en

asyncrat njrat hacked discovery evasion persistence privilege_escalation rat spyware stealer themida trojan

windows10-1703-x64

38 signatures

1800 seconds

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Mutex

AsyncMutex_7SI8OkPnk

Attributes

delay
3
install
true
install_file
ContainerRuntime.exe
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/Kb8rTgY7

aes.plain

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

4cpanel.hackcrack.io:11007

Mutex

Windows Explorer

Attributes

reg_key
Windows Explorer
splitter
|'|'|

Targets

- Target
  
  https://combocracks.blogspot.com/2023/10/mailacess-checker-by-xrisky.html
Score

10^/10

asyncrat njrat hacked discovery evasion persistence privilege_escalation rat spyware stealer themida trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Async RAT payload
  rat
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Modifies Windows Firewall
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

asyncratnjrathackeddiscoveryevasionpersistenceprivilege_escalationratspywarestealerthemidatrojan

© 2018-2024

Terms | Privacy